Healthcare Data Breach Report for April 2020

In April 2020, 37 healthcare data breaches involving at least 500 records were reported That number is only one more than the number of breaches in March and is still lower than the average number of data breaches per month in the last 12 months, which is 41.9.

Although there was a slight increase in the number of breaches, the number of breached healthcare records in April is significantly lower. There were 442,943 breached healthcare records in April, which is 46.56% lower than the 828,921 breached records in March. For the second successive month, the number of exposed records has dropped. Although this is unquestionably good news, it must be mentioned that in the last year, there are about 39.92 million breached healthcare records.

Causes of Healthcare Data Breaches in April

Just like in March, the leading causes of healthcare data breaches are hacking and IT incidents. Other common causes of breaches are unauthorized access/disclosure incidents, which increased by 77.77% compared to last month.

Of the 18 reported hacking/IT incidents, 333,838 records were compromised, which is 75.37% of all breached records in April. The average and median breach size were 18,547 records and 4,631 records, respectively. There were 16 reported breaches due to unauthorized access/disclosure incidents, having an average breach size of 6,171 records and a median breach size of 1,122 records. The total number of breached records from the 16 incidents were 98,737 records.

In April, two theft incidents involving portable electronic devices were reported. The devices contained the records of 3,645 people. Another lost portable electronic device also contained the data of 6,723 patients.

Location of Breached Protected Health Information

Email is certainly the most frequent location of breached health data. Of all reported breaches in April, 48.65% involved PHI contained in email messages and attachments. Most breaches were due to phishing attacks. 80% of the healthcare data breaches involved electronic data; 20% involved paper files and charts.

Healthcare Data Breaches by Covered Entity Type

Healthcare providers reported 30 breaches in April. Health plans reported 4 breaches in April, while business associates of HIPAA-covered entities reported three breaches. But business associates also had some involvement in 8 breaches.